Tag Archives: Hack

Sometimes, you just need to do a quick remote log in to someone else’s computer. There are plenty of tools available for doing this. But most of them are either expensive to purchase or difficult to set up. Remote desktop app TeamViewer changed all that with a series of free cross-platform, lightweight apps that require only a couple of numeric codes in order to connect to a remote machine. This has made TeamViewer very popular, and in turn, an inevitable target for hackers.

Last week, threads began surfacing on Reddit written by TeamViewer users claiming they had been hacked through the app. Most of the hacking claims had common points. Users who were initially away from their computers came back to find their machines were being remotely controlled and directed to websites like PayPal, eBay, and Amazon. This instance was reported by Reddit user psiren66:

I was sitting on my couch at 12am and all of a sudden my machine lit up.
It opened an eBay page and started trying to buy iTunes cards. I noticed that teamviewer was running as it’s access. As soon as I touched my mouse they disconnected. I opened my teamviewer and roughly 50 accounts had been added to it.
Changed all my passwords instantly and added two step verification to my email and teamviewer accounts.

TeamViewer spokesman Axel Schmidt acknowledged to Ars that the number of takeovers was “significant,” but he continued to maintain that the compromises are the result of user passwords that were compromised through a cluster of recently exposed megabreaches involving more than 642 million passwords belonging to users of LinkedIn, MySpace, and other services.

If you’re a regular TeamViewer user, you should consider changing your password and possibly adding two-factor authentication to your account. If you use the application sparingly, you may just want to remove it completely from your computer until you need it again. The application is a quick download and it’d only take a few minutes to reinstall.

If there was ever an inevitable pairing, it was the joy of home-delivered pizza with the convenience that only the internet can provide. First, it became possible to order pizza direct from a restaurant’s website without having to even place a phone call. And now it’s even easier to purchase a pie online using mobile apps on a smartphone or tablet. While pizza makers have been quick to embrace new technologies, Domino’s Pizza might be a little gun-shy about jumping on the next bandwagon.

Earlier this week, a UK security consultant named Paul Price blogged about an order he’d placed with Domino’s using the pizza chain’s Android app. Price was curious to understand more about how the app worked. Using the skills he’d developed as a consultant, he was able to access the app’s source code and watch what it did while processing his order. He was surprised to find that the app was actually handling his payment locally, on his device, as opposed to sending the information to the Domino’s server. By implementing a relatively simple hack, Price was able to circumvent the payment system by sending a signal back to the Domino’s site indicating that his order was paid for when, in fact, no payment information was given.

This effectively gave Price the ability to order potentially unlimited amounts of pizza for free! Price contacted the store he’d ordered from and they confirmed that his pizza was baking and would soon be on its way. But honesty got the best of the man, and when his pizza arrived, he informed the delivery driver of the hack, and he paid in cash for the total cost of the order.

Domino’s has since closed the hole in its app that allowed for this exploit. But it did so quite some time after Price alerted the restaurant to his findings. There’s no telling how many others might’ve also discovered the hack and enjoyed free pizzas because of it.

Things have been busy here in a good way. I have been pulling some 19 hour days. Hopefully by Sunday things are going to cool off just a bit and I can enjoy the holidays. I hope you will stay tuned in through the Christmas break as I will be cranking out shows throughout the holiday period. We introduce a new sponsor to the show tonight; details below… I talk about GoDaddy.com coming on board as our CES 2012 Official Media Sponsor and the Special Offer!

2010 and 2011 have been rough years for Sony and for PS3 owners who use the popular PlayStation Network for online gaming. The service has come under attack, and been taken down, on more than one occasion, and for extended time periods. The latest attack began to hit the news yesterday, when it was learned that the service was again under attack.

Reports have ranged from DDoS attacks to user account hacking, but earlier today Sony finally set the record straight about what is going on, how extensive the attack is, and what steps they are taking to fix the problem.

According to Sony, the attack spanned three of their networks – the PlayStation Network, Sony Entertainment Network, and Sony Online Entertainment. A total of approximately 93,000 users have been affected, and those accounts have now been locked by Sony. It appears to have been a hacking attack – the perpetrators attempted to gain log-in access to accounts, and succeeded on 93,000 of them, which is actually a relatively small percentage. At this time, Sony says that those users’ credit card data is still safe.

If you have a PSN account, even if you don’t think you were affected, I would still recommend changing your password. Use a long password that incorporates letters, numbers, and symbols. Although Sony says credit information wasn’t gained, it would still be prudent to monitor your account closely and report anything that seems suspicious.

Below is the full text of Sony’s announcement.

“12 October 2011

Tokyo, October 12 – Sony Network Entertainment International LLC and Sony Online Entertainment (SOE) have detected a large amount of unauthorized sign-in attempts on PlayStation®Network (PSN), Sony Entertainment Network (SEN) and Sony Online Entertainment (SOE) services. We discovered these attempts and have taken steps to mitigate the activity.

Less than one tenth of one percent of our PSN, SEN and SOE consumers may have been affected. There were approximately 93,000 accounts (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. As a preventative measure, we will be sending email notifications to these account holders and will be requiring secure password resets or informing consumers of password reset procedures.

Credit card numbers associated with these accounts are not at risk as a result of these unauthorized attempts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are continuing to investigate the extent of unauthorized activity on any of these accounts.

These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or sources. These were unauthorized attempts to verify valid user accounts on our services using very large sets of sign-in IDs and passwords. Between October 7 – 10 US Pacific Daylight Time, we confirmed that these were unauthorized attempts, and took steps to thwart this activity.”

Feels good to be back in the full swing of the show. I am having a great trip here in Albuquerque and really enjoying myself, and will be doing an Ohana meet up this coming Friday. If you want to come out to dinner and you’re in the local area, drop me an email so I can pass location and time.


If you are running an older version of WordPress, version 2.8.3 or earlier, you need to upgrade immediately. You risk having to re-install WordPress; this is a pretty major attack. If you host your blog at wordpress.com you are OK. This attack is reportedly growing by the hour.

Washington DC Meet Up on Wednesday the 13th: meet between 6 and 6:30pm at King Street Blues, Old Town. Address: 112 North Saint Asaph Street, Alexandria, VA 22314 (between King and Cameron Streets). Phone: (703) 836-8800